Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.
translated by 谷歌翻译
Recently, webly supervised learning (WSL) has been studied to leverage numerous and accessible data from the Internet. Most existing methods focus on learning noise-robust models from web images while neglecting the performance drop caused by the differences between web domain and real-world domain. However, only by tackling the performance gap above can we fully exploit the practical value of web datasets. To this end, we propose a Few-shot guided Prototypical (FoPro) representation learning method, which only needs a few labeled examples from reality and can significantly improve the performance in the real-world domain. Specifically, we initialize each class center with few-shot real-world data as the ``realistic" prototype. Then, the intra-class distance between web instances and ``realistic" prototypes is narrowed by contrastive learning. Finally, we measure image-prototype distance with a learnable metric. Prototypes are polished by adjacent high-quality web images and involved in removing distant out-of-distribution samples. In experiments, FoPro is trained on web datasets with a few real-world examples guided and evaluated on real-world datasets. Our method achieves the state-of-the-art performance on three fine-grained datasets and two large-scale datasets. Compared with existing WSL methods under the same few-shot settings, FoPro still excels in real-world generalization. Code is available at https://github.com/yuleiqin/fopro.
translated by 谷歌翻译
Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.
translated by 谷歌翻译
对网络攻击的现代防御越来越依赖于主动的方法,例如,基于过去的事件来预测对手的下一个行动。建立准确的预测模型需要许多组织的知识; las,这需要披露敏感信息,例如网络结构,安全姿势和政策,这些信息通常是不受欢迎的或完全不可能的。在本文中,我们探讨了使用联合学习(FL)预测未来安全事件的可行性。为此,我们介绍了Cerberus,这是一个系统,可以为参与组织的复发神经网络(RNN)模型进行协作培训。直觉是,FL可能会在非私有方法之间提供中间地面,在非私有方法中,训练数据在中央服务器上合并,而仅训练本地模型的较低性替代方案。我们将Cerberus实例化在从一家大型安全公司的入侵预防产品中获得的数据集上,并评估其有关实用程序,鲁棒性和隐私性,以及参与者如何从系统中贡献和受益。总体而言,我们的工作阐明了将FL执行此任务的积极方面和挑战,并为部署联合方法以进行预测安全铺平了道路。
translated by 谷歌翻译
关于神经体系结构搜索(NAS)的现有研究主要集中于有效地搜索具有更好性能的网络体系结构。几乎没有取得进展,以系统地了解NAS搜索的架构是否对隐私攻击是强大的,而丰富的工作已经表明,人类设计的架构容易受到隐私攻击。在本文中,我们填补了这一空白,并系统地衡量了NAS体系结构的隐私风险。利用我们的测量研究中的见解,我们进一步探索了基于细胞的NAS架构的细胞模式,并评估细胞模式如何影响NAS搜索架构的隐私风险。通过广泛的实验,我们阐明了如何针对隐私攻击设计强大的NAS体系结构,还提供了一种通用方法,以了解NAS搜索的体系结构与其他隐私风险之间的隐藏相关性。
translated by 谷歌翻译
面部聚类是使用大型未标记的面部图像扩展面部识别系统的一种有希望的方法。识别我们称之为硬群的小或稀疏的面部图像簇仍然具有挑战性,这是由簇的异质性,\ ie,大小和稀疏性的高变化引起的。因此,使用均匀阈值(识别簇)的常规方式通常会导致对应该属于硬群的样品的可怕分类。我们通过利用样品的邻居信息并以概率方式推断(样本的)群集成员来解决这个问题。我们介绍了两个新型模块,分别是基于邻域扩散的密度(NDDE)和基于过渡概率的距离(TPDI),我们可以简单地将标准密度峰值聚类算法应用于均匀的阈值。我们对多个基准测试的实验表明,每个模块都会有助于我们方法的最终性能,并通过将其纳入其他高级面部聚类方法中,这两个模块可以将这些方法的性能提高到新的最先进。代码可在以下网址获得:https://github.com/echoanran/on-mitigating-hard-clusters。
translated by 谷歌翻译
许多真实数据以图形的形式出现。图表神经网络(GNNS)是一个新的机器学习(ML)模型,已建议完全利用图表数据来构建强大的应用程序。特别地,可以概括到看不见的数据的电感GNN成为主流。机器学习模型在各种任务中表现出很大的潜力,并已在许多真实情景中部署。要培训良好的模型,需要大量的数据以及计算资源,从而导致有价值的知识产权。以前的研究表明,ML模型容易窃取攻击模型,旨在窃取目标模型的功能。然而,大多数人都专注于用图像和文本接受培训的模型。另一方面,对于用图表数据,即GNNS接受培训的模型,已经支付了很少的注意。在本文中,我们通过提出针对电感GNN的第一个模型窃取攻击来填补差距。我们系统地定义了威胁模型,并根据对手的背景知识和目标模型的响应提出六次攻击。我们对六个基准数据集的评估显示,拟议的模型窃取针对GNN的攻击实现了有希望的性能。
translated by 谷歌翻译
本文旨在探讨神经架构搜索(NAS)的可行性仅在不使用任何原始训练数据的情况下给出预先训练的模型。这是实质保护,偏离避免等的重要情况。为实现这一目标,我们首先通过从预先训练的深神经网络中恢复知识来综合可用数据。然后我们使用合成数据及其预测的软标签来指导神经结构搜索。我们确定NAS任务需要具有足够的语义,多样性和来自自然图像的最小域间隙的合成数据(我们在此处瞄准)。对于语义,我们提出了递归标签校准,以产生更多的信息性输出。对于多样性,我们提出了一个区域更新策略,以产生更多样化和富集的合成数据。对于最小的域间隙,我们使用输入和特征级正则化来模拟潜在空间的原始数据分布。我们将我们提出的三个流行NAS算法实例化:飞镖,Proxylessnas和Spos。令人惊讶的是,我们的结果表明,通过搜索我们的合成数据来实现的架构,实现了与从原始的架构中搜索的架构相当的准确性,首次导出了NAS可以有效完成的结论如果合成方法设计良好,则无需访问原件或称为自然数据。我们的代码将公开提供。
translated by 谷歌翻译
Few Shot Instance Segmentation (FSIS) requires models to detect and segment novel classes with limited several support examples. In this work, we explore a simple yet unified solution for FSIS as well as its incremental variants, and introduce a new framework named Reference Twice (RefT) to fully explore the relationship between support/query features based on a Transformer-like framework. Our key insights are two folds: Firstly, with the aid of support masks, we can generate dynamic class centers more appropriately to re-weight query features. Secondly, we find that support object queries have already encoded key factors after base training. In this way, the query features can be enhanced twice from two aspects, i.e., feature-level and instance-level. In particular, we firstly design a mask-based dynamic weighting module to enhance support features and then propose to link object queries for better calibration via cross-attention. After the above steps, the novel classes can be improved significantly over our strong baseline. Additionally, our new framework can be easily extended to incremental FSIS with minor modification. When benchmarking results on the COCO dataset for FSIS, gFSIS, and iFSIS settings, our method achieves a competitive performance compared to existing approaches across different shots, e.g., we boost nAP by noticeable +8.2/+9.4 over the current state-of-the-art FSIS method for 10/30-shot. We further demonstrate the superiority of our approach on Few Shot Object Detection. Code and model will be available.
translated by 谷歌翻译
Nowadays, time-stamped web documents related to a general news query floods spread throughout the Internet, and timeline summarization targets concisely summarizing the evolution trajectory of events along the timeline. Unlike traditional document summarization, timeline summarization needs to model the time series information of the input events and summarize important events in chronological order. To tackle this challenge, in this paper, we propose a Unified Timeline Summarizer (UTS) that can generate abstractive and extractive timeline summaries in time order. Concretely, in the encoder part, we propose a graph-based event encoder that relates multiple events according to their content dependency and learns a global representation of each event. In the decoder part, to ensure the chronological order of the abstractive summary, we propose to extract the feature of event-level attention in its generation process with sequential information remained and use it to simulate the evolutionary attention of the ground truth summary. The event-level attention can also be used to assist in extracting summary, where the extracted summary also comes in time sequence. We augment the previous Chinese large-scale timeline summarization dataset and collect a new English timeline dataset. Extensive experiments conducted on these datasets and on the out-of-domain Timeline 17 dataset show that UTS achieves state-of-the-art performance in terms of both automatic and human evaluations.
translated by 谷歌翻译